unkinben 11286a1f89 feat(kanidm): automate replication cert exchange via native sidecar
Add a native sidecar (bitnami/kubectl, restartPolicy: Always) that runs
kanidmd renew-replication-certificate on each pod and patches the result
into the kanidm-repl-certs ConfigMap (certs are public keys, not secrets).
The config-init init container reads peer certs from the ConfigMap at
startup, building the replication stanza automatically — no manual cert
exchange required after first deploy.

Add RBAC (Role + RoleBinding) granting the kanidm service account
pods/exec and configmap patch permissions scoped to the kanidm namespace.
2026-05-24 19:42:32 +10:00
Description
GitOps for ArgoCD
4.1 MiB
Languages
Shell 67.9%
Python 23.1%
Makefile 9%